Any business has issues; the one that states that they do not is lying to you. We understand that there is mostly smooth sailing, that there are bumps in the road and that things are not always on track. We have all seen them; we might have all seen them near our desks. It is a reality, if a lumberjack is working, there will be wood chips, such is life. So when we see the Telstra ‘purpose & values’, we see: “The telecommunications industry is experiencing enormous growth; network traffic is growing faster than any other period of time and digital technology is changing our world. Telstra is at the heart of this change—and we’re helping make it happen by connecting everything to everyone“. That might be true, yet when you price yourself out of a market, there tend to be consequences.
So when the Business Insider gives us merely 2 days ago: “It looked like there were national problems with the Telstra network again today, but the Telco says no” (at https://www.businessinsider.com.au/telstra-is-down-nationally-2018-6), we see a troubling setting. So the quote “The Telstra network appeared to have another national meltdown, with services in most of the major capitals disrupted in the first half of Tuesday, but the company denies there were any problems with its mobile network.“, concessions on social media were made and the services were back up in the afternoon. Yet the damage was done. Not the fault, the disruption or the faulty service. The fact that Telstra was in denial is the issue. So when we also see: “Telstra said there was no issue for Telstra customers and the Telco’s 3G and 4G networks. “There was a vendor platform issue that impacted mobile virtual network operating services for a small number of wholesale customers,” a spokesperson said“, we see the issue that Telstra has moved on through carefully phrased denials. It is a tactic to use, it is however the wrong tactic, because it takes away trust and Telstra did not have that much left to begin with. One source gives another view entirely; it is the view that makes CEO Andy Penn too confused for his own good and the health of the company. In regards to the question that ABC host Leigh Sales asked, which was: “How can shedding 8000 jobs, not make your service worse?“, the response “Mr Penn deflected the question and talked about the complexity of a Telco network and the inevitability of network interruptions when dealing with such sprawling physical technology assets and software. After the host tried once more to ask the question, the Telstra boss steered clear of the jobs losses and moved the conversation back towards his message of increased simplicity for customers“, we merely see the fact that Telstra is playing a dangerous game of stupidity. 
Deflection is bad and shares will get slammed (and they did). You see, the proper answer (or better stated a proper answer) would be: “As we are moving to a flatter organisation, management is now directly in touch with the workforce, management will get the full scope of issues in their area of responsibility. There is no longer a delay of information trickling on the path of 2-3 managers deciding where what goes, the buck stops with the manager in charge. Basically the lower managers get more responsibility and as they resolve the issues also a much better reward. The direct exposure to issues and answering the questions of staff members and consumers will lead to a much better understanding and also decrease the timeline of issues and questions requiring a resolution“. You see? I resolved that question, I gave an answer, I exceeded the expectation of the current customer base and I did not deflect. So perhaps I might be the better CEO Andy? Now, we can add that this is a work in progress and as any company needs to adjust settings; with a flat organisation structure it is much more direct and easier to adjust. So yesterday’s interview, published today, I merely required seconds to set the stage in a more positive way. Yet Telstra has more issues. Their mobile plans are still horrendously expensive; in some cases places like Optus will offer 20 times the data at the same price and that was merely a month ago. So Telstra needs to realise that unless they truly become competitive with some of their competitors. In addition when we look at IT News, we see (at https://www.itnews.com.au/news/telstra-completely-changes-how-it-sells-enterprise-services-494853) the issues that some expect. Issues like ‘Confirms it took ‘too long’ to revamp enterprise core’, yet the revamping is not the issue, actually it is as there was no ‘real’ revamping, merely adjusting the tailoring to fit other elements (as I personally see it).
You see, the danger offered through: ““It is the ability to provide fixed voice, unified communications and messaging with add-ons for mobile and applications on a per seat pricing basis for our midmarket customers. “It will be all digital.” It will be ordered in minutes, provisioned in minutes to hours, and everything will be billed electronically with the ability for the customer to flex up and down in volume in real time“. This is what I call the folly setting. It starts with ‘our midmarket customers‘, which translate to ‘corporations and those with money’, which is fair enough, yet the economy is still in a place where the cost of living is way too high. The rest is merely a statement of ‘buy on our website or through a phone app’; there will be no negotiating, no personal touch, not a warm touch to any of it. Merely a ‘buy this by clicking or go somewhere else’. You can rephrase it again and again, but that is where it is heading and the people have no real high regard for an automated Telstra, so that will hammer the share prices for at least an additional 2%-3% in a negative direction. So as more and more people go towards the ‘Yes’ oriented Optus stores, we see that in some places Telstra is setting up movable selling points (Westfield Burwood), yet in the direct cold light of day, it is not merely a transforming business, it is the setting where Telstra looks less appealing than before. That requires addressing and Andy Penn did not go the right way about it from the beginning, yet in the setting we now see it, it is even less appealing than ever before.
It goes further than all this, a mere 3 hours ago, ABC gives us ‘Is this really the end of Telstra’s ‘confusopoly’?‘ (at http://www.abc.net.au/news/2018-06-21/telstra-what-is-in-it-for-customers/9891076), there we see: “Andy Penn says the job losses will largely come from management so presumably consumer-facing staff will remain”, so why is Andy Capp hiding behind ‘presumably‘?
The AFR takes it in another direction. There we see ‘Telstra’s strategy is all about killing Optus, Vodafone and TPG‘. So (at https://www.afr.com/brand/chanticleer/telstras-strategy-is-all-about-killing-optus-vodafone-and-tpg-20180620-h11mtt), we see “competitors are clearly going to be most obvious victims of his 2022 strategy, which prioritises mobile above everything else in Telstra’s sprawling portfolio of businesses”, yet with the website as it is and the announced 5G rumours that are nowhere near 5G we wonder how much trouble they are in. So even as we see the boastful “Telstra’s mobile business currently earns about $4 billion a year on revenue of $10 billion“, it will have little effect until the data offered is a hell of a lot higher than they currently offer. It might have been a good moment of timing for me, I ended up with twice the data at half the price. The largest population really cares about a deal that is 75% better and that is not merely me, it includes well over 60% of all households and pretty much 99.43% of all students. Even if Telstra proclaims that they only care about midmarkets, the shareholders will not understand how they lost out on millions of customers and that change is not reflected in anything we heard. It does not stop there. With the setting of the quote “Telstra said on Wednesday that the number of Australian households with no fixed broadband service is between 10 and 15 per cent. It expects this to rise to 25 to 30 per cent as 5G is rolled out around the country“, we see that Telstra is to lose out on more markets. The sheer fact that Vodafone figured out in the EU is an optional gain of momentum for Vodafone, yet the hybrid options that Telstra failed to see could cost them even more in the 2020-2024 period.
In addition, when we see “Penn’s decision to adopt an aggressive roll out strategy for 5G plays into the established trend of greater use of mobile networks relative to fixed line, much of which is driven by the widespread frustration caused by the poor performance of the NBN Co”, considering the part I discussed yesterday in ‘Telstra, NATO and the USA’ (at https://lawlordtobe.com/2018/06/20/telstra-nato-and-the-usa/) alerted us to a previous stunt played with 3.7G, yet the setting is reflective here. In part it is expected to be merely temporary. So when we see on the Telstra site “Verizon and Ericsson recently decided to test the 5G network on a moving target — a car being driven around a racetrack — and were able to record a 6.4gb/s connection”, now I get it. It is a test setting yet the speed is still off by almost 40%, which is not good. It is better than what we have now, but getting out in front before the technology is truly ready is very dangerous. In addition CNet had another issue that also reflects in Australia, as well as a league of other nations. With “Cybersecurity for 5G networks had been a top priority for the previous FCC under Tom Wheeler, a Democrat appointed by President Barack Obama. But the current Republican-led agency believes the FCC should not have authority to ensure wireless providers are building secure networks. “This correctly diagnoses a real problem. There is a worldwide race to lead in 5G and other nations are poised to win,” FCC commissioner Jessica Rosenworcel, a Democrat, noted in her statement. “But the remedy proposed here really misses the mark.””
You see, I have been writing for the longest time on the benefits and powers that 5G will give on a whole new range of options, yet the overly non-repudiation ignorance in Telecom town is staggering. Their view is almost on par where the NSA decides to set the admin rights to the guest account and leave the password blank. The dangers that people will face on that level cannot be comprehended. The moment the ball is dropped, the damage to people will be beyond comprehension. It boils down to Cambridge Analytica times 50, with all privacy set to public reading. The business will love the amount of data; the people will be less enthusiastic as their consumer rights and needs are no longer in stock with any shop using the internet for sales. I raised issues on that field in March 2017 (at https://lawlordtobe.com/2017/03/13/the-spotlight-on-exploiters/), yet that was merely the lowest setting. At that point, the Guardian (the writer that is) raised: “The mass connectivity it allows for will also help expand the so-called internet of things (IoT), in which everyday appliances and devices wirelessly connect to the internet and each other“. Yet, this is in equal measure the danger. You see, as Telstra gave visibility to ‘Lessons from CES 2018: everything is connected‘ (at https://exchange.telstra.com.au/after-ces-2018-everything-in-tech-is-connected/) and Huawei is giving us ‘Huawei Connect 2018: Activate Intelligence’ (at http://www.huawei.com/en/press-events/events/huaweiconnect2018), they will likely all miss out on giving proper light to non-repudiation. It needs to be the cornerstone, yet for now there seems to be the global ‘understanding’ that someone is working on it, or that ‘block chain solves it’ and a few other hype responses that merely are deflections of a situation not understood and even less properly attended to.
To better understand it, I found a promising paper (at https://arxiv.org/pdf/1708.04027.pdf) from Mohamed Amine Ferrag, Leandros Maglaras, Antonios Argyriou, Dimitrios Kosmanos, and Helge Janicke. In the conclusion we see: “Based on the vision for the next generation of connectivity, we proposed six open directions for future research about authentication and privacy-preserving schemes, namely, Fog paradigm-based 5G radio access network, 5G small cell-based smart grids, SDN/NFV-based architecture in 5G scenarios, dataset for intrusion detection in 5G scenarios, UAV systems in 5G environment, and 5G small cell-based vehicular crowd sensing“, which gets us to the real setting that this part is still some time ahead. Even as telecoms are rushing to get 5G first to get the better market share, it appears that the players have no clue on the time they will lose by not properly investigating and setting the steps to get non-repudiation on the proper path. It will be seen the moment some CEO decides to listen to marketing and give a first roll out of 5G, whilst not listening to support as they are a cost and not an asset. At that point the situation will unfold where the clever hacker ends up having an optional access to 100% of the available data on several floors and at that point the people attached to any of that will have lost whatever choice they had in the first place regarding their privacy, their accounts and their data. It had all been denied to them.
This was seen in the Economist last year where we saw: “The flaw lies largely with the weakest link: the phone system and the humans who run it. Mr Mckesson and the bitcoin victim, for example, suffered at the hands of attackers who fooled phone-company employees into re-routing the victim’s phone number to a device in the attacker’s possession“. You see this is not about non-repudiation, it is about authentication and that is not the same. There is a whole league of issues and in part because the solution is still not a true given, it is in its initial stage and even as we accept that non-repudiation is sometimes essential, it is not always essential, there is a larger issue on where and when it is needed and it cannot be when the user decides because roughly 92.556% is too ignorant on the subject. The impact on a personal life can be too far stretched and that is where the problem starts. Telstra fails here, in their Cyber security White paper 2017 it comes up once and there we see: “Transaction approval should satisfy certain characteristics – including but not limited to integrity, non-repudiation and separation of duties“, that is it! In a ‘Cyber Security White Paper‘ that gives on the front page ‘Managing risk in a digital world‘, non-repudiation needs to have a much higher priority and in a 52-page paper that gives ‘acknowledgements’ all kinds of high priced firms mentioned in the end, with the ending of “We can assist your organisation to manage risk and meet your security requirements“, so what happens when customers want clear answers on non-repudiation? What is currently in play and available?
The non-acknowledgment that even, if not practised in 2017, or 2016, might be fine, this is about what comes next? That part we see on page 45 with ‘The increased adoption of incident response drives the growth of the after breach market‘ and “In Australia, the highest usage for emerging security solutions is in ‘incident response’, and Cloud Access Security Brokers (CASB) are used the most in Asia. 47 per cent of organisations surveyed in Australia and 55 per cent in Asia have adopted ‘incident response’ toolsets or services“, as well as “announcement of legislation around mandatory data breach notification by the Australian Government“, so how long until non-repudiation makes it to the main focal area? I reckon one incident too late, at that time Telstra becomes a ‘responsive telecom‘ nothing pro-active about it. When the first victim comes and the 99% realises that there is no actual non-repudiation properly in place, how many will remain with Telstra? And it is not merely them, a much larger global Telecom provider pool has that same flaw, the one who did think ahead will be gaining exponential growth the day after someone got hit and we have seen the growth of non-repudiation need for almost 4-5 years, so it is not coming out of the blue.
So, when we see the sales pitch called executive summary in the beginning, the mention of “That organisations are prepared to take such acknowledged risks speaks to the urgency of their move to cloud services“. So is non-repudiation addressed there? And the start of that page with “Organisations and individuals are dealing with new security and business opportunities, many of which are fuelled by mobility,” which of these sides are giving in that you and only you bought the 50,000,000 shares at $29.04 and the loss of 63.223% (roughly) we saw in the 45 seconds after that. At that point, or a boss that you and only you bought them, would that perhaps be good, bad, or perhaps was blaming a hacker the solution?
So in that report, where we saw ‘Mobile malware‘, ‘Advanced Persistent Threats‘ and ‘Web and application vulnerabilities‘; when we realise that the report gives us ‘Number of days compromise went undiscovered (median)‘ with the average value of 520 days (almost 18 months), would the flag that ‘not an employee’ had access have helped perhaps in finding it sooner than 18 months?
It all reads like a cloud sales paper as security is less complex. It does not solve the non-repudiation issue which would soon be at the doorstep of telecom companies and as they are in denial (for too long) that something needs to be done, whoever solves it will be the winner of the 5G race and they will gain the 5G business from those claiming to have any non-repudiation and those who did not bother. It is not sexy, it is not limelight, but it will be the cornerstone of personal and corporate safety a lot sooner than most people realise.
It all matters because flattening the organisation means that there is either space provision for that branch of security or it falls in the gaps and is forgotten until too late. Andy Penn can deflect all he can at that point (or his successor), but at that point the impact of such an event will be too devastating to respond to or correct for.
The issue remains complex, and if people remember the issues I have with Microsoft, they will also accept the part I now give them, because one quote on this from Microsoft is bang on: “Can we say we have non-repudiation by putting a check in a box on a certificate template? Absolutely not, we must first jump through many hoops to be sure that only the owner of a private key associated with the certificate ever has access to it. This involves many controls, policies, procedures and security practices, some of which are listed above“. It is a much harder field, but an essential one and even as financial services are eager to embrace it, data handlers need to start doing this too.
We need to acknowledge that: ‘authentication is easy, non-repudiation is hard‘, and as 5G, automation and cloud systems evolve, the legal need for non-repudiation grows almost exponentially for every day that the three are active in a corporate and personal environment. Those who ignored that essential need end up having no legal foothold on any claim whatsoever. In my mind companies who ignored it will lose their IP and most legal options to get it back the moment it gets downloaded to another place. That IP will soon thereafter be owned by someone else, or it ends up in public domain where anyone can use it free of charge, both are nightmare scenarios for any firm relying on IP.
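To make the difference between authentication and non-repudiation concrete, here is an added example (not from any of the quoted papers or vendors). A shared-secret HMAC tag can be produced by either party, so it proves nothing about who placed an order, while a signature can only come from the holder of the private key. A Lamport one-time signature stands in for any asymmetric signature because it needs only the Python standard library; the order strings and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    """Authentication with a shared secret: both parties can compute this."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def lamport_keygen():
    """One-time key pair: 256 pairs of secrets; the public key is their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(sha256(a), sha256(b)) for a, b in private]
    return private, public


def digest_bits(message: bytes):
    digest = sha256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(private, message: bytes):
    """Reveal one secret per digest bit. A key pair must sign only one message."""
    return [private[i][bit] for i, bit in enumerate(digest_bits(message))]


def lamport_verify(public, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    bits = digest_bits(message)
    return all(hmac.compare_digest(sha256(signature[i]), public[i][bits[i]])
               for i in range(256))


def compare_schemes():
    # Constructed sample orders, not taken from any real system.
    real = b"account=cust-1;BUY;qty=100;price=29.04"
    disputed = b"account=cust-1;BUY;qty=50000000;price=29.04"

    # Shared secret: the provider holds the same key as the customer, so both
    # compute the identical tag and the tag cannot show who created the order.
    shared_key = secrets.token_bytes(32)
    provider_tag = mac_tag(shared_key, disputed)
    customer_tag = mac_tag(shared_key, disputed)
    mac_attributable = not hmac.compare_digest(provider_tag, customer_tag)

    # Signature: the provider holds only the public key and cannot sign.
    private, public = lamport_keygen()
    signature = lamport_sign(private, real)
    return {
        "mac_attributable": mac_attributable,
        "signature_valid": lamport_verify(public, real, signature),
        "signature_reused_on_disputed": lamport_verify(public, disputed, signature),
    }
```

The signature only supports non-repudiation if the private key was never accessible to anyone but its owner, which is the point of the Microsoft quote above.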